#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

IT security | Breaking Cybersecurity News | The Hacker News

10 Critical Endpoint Security Tips You Should Know

10 Critical Endpoint Security Tips You Should Know

Apr 26, 2024 Endpoint Security / IT Security
In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's
Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability

Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability

Mar 11, 2024 Network Security / Vulnerability
Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and AdminServer, which could be potentially exploited to bypass authentication protections. Tracked as  CVE-2024-1403 , the vulnerability has a maximum severity rating of 10.0 on the CVSS scoring system. It impacts OpenEdge versions 11.7.18 and earlier, 12.2.13 and earlier, and 12.8.0.  "When the OpenEdge Authentication Gateway (OEAG) is configured with an OpenEdge Domain that uses the OS local authentication provider to grant user-id and password logins on operating platforms supported by active releases of OpenEdge, a vulnerability in the authentication routines may lead to unauthorized access on attempted logins," the company  said  in an advisory released late last month. "Similarly, when an AdminServer connection is made by OpenEdge Explorer (OEE) and OpenEdge Management (OEM), it also utilizes t
Are We Ready to Give Up on Security Awareness Training?

Are We Ready to Give Up on Security Awareness Training?

Dec 19, 2023 Cybersecurity Training / IT Security
Some of you have already started budgeting for 2024 and allocating funds to security areas within your organization. It is safe to say that employee security awareness training is one of the expenditure items, too. However, its effectiveness is an open question with people still engaging in insecure behaviors at the workplace. Besides, social engineering remains one of the most prevalent attacks, followed by a successful data breach.  Microsoft found  that a popular form of video-based training reduces phish-clicking behavior by about 3%, at best. This number has been stable over the years, says Microsoft, while phishing attacks are increasing yearly.  Regardless, organizations have faith in training and tend to increase their security investments in employee training after attacks. It comes second in the priority list for 51% of organizations, right after incident response planning and testing, according to the IBM Security  "Cost of the Data Breach Report 2023" .  So, wh
cyber security

Demonstrate Responsible AI: Get the ISO 42001 Compliance Checklist from Vanta

websiteVantaCompliance / Security Audit
ISO 42001 helps organizations demonstrate trustworthy AI practices in accordance with global standards. With Vanta, completing the requirements for ISO 42001 compliance can be done in a fraction of the time. Download the checklist to get started.
Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks

Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks

May 20, 2024Software Security / Vulnerability
All developers want to create secure and dependable software. They should feel proud to release their code with the full confidence they did not introduce any weaknesses or anti-patterns into their applications. Unfortunately, developers are not writing their own code for the most part these days. 96% of all software contains some open-source components, and open-source components make up between  70% and 90% of any given piece of modern software . Unfortunately for our security-minded developers, most modern vulnerabilities come from those software components.  As new vulnerabilities emerge and are publicly reported as  Common Vulnerabilities and Exposures  (CVEs), security teams have little choice but to ask the developer to refactor the code to include different versions of the dependencies. Nobody is happy in this situation, as it blocks new features and can be maddening to roll back component versions and hope that nothing breaks. Developers need a way to  quickly  determine if
How to Automate the Hardest Parts of Employee Offboarding

How to Automate the Hardest Parts of Employee Offboarding

Nov 16, 2023 SaaS Account Management
According to recent research on  employee offboarding , 70% of IT professionals say they've experienced the negative effects of incomplete IT offboarding, whether in the form of a security incident tied to an account that wasn't deprovisioned, a surprise bill for resources that aren't in use anymore, or a missed handoff of a critical resource or account. This is despite an average of five hours spent per departing employee on activities like finding and deprovisioning SaaS accounts. As the SaaS footprint within most organizations continues to expand, it is becoming exponentially more difficult (and time-consuming) to ensure all access is deprovisioned or transferred when an employee leaves the organization.  How Nudge Security can help Nudge Security is a  SaaS management platform  for modern IT governance and security. It discovers every cloud and SaaS account ever created by anyone in your organization, including generative AI apps, giving you a single source of truth for depa
Guide: Alert Overload and Handling for Lean IT Security Teams

Guide: Alert Overload and Handling for Lean IT Security Teams

Feb 09, 2022
Alarming research reveals the stress and strains the average cybersecurity team experiences on a daily basis. As many as  70% of teams  report feeling emotionally overwhelmed by security alerts. Those alerts come at such high volume, high velocity, and high intensity that they become an extreme source of stress. So extreme, in fact, that people's home lives are negatively affected. Alert overload is bad for those who work in cybersecurity. But it's even worse for everyone who depends on cybersecurity.  This is a gigantic issue in the industry, yet few people even acknowledge it, let alone deal with it. Cynet aims to correct that in this guide ( download here ), starting by shining a light on the cause of the problem and the full extent of its consequences and then offering a few ways lean security teams can pull their analysts out of the ocean of false positives and get them back to shore. It includes tips on how to reduce alerts using automation and shares guidance for organ
Keeping the Bots at Bay: How to Detect Brute Force Attacks

Keeping the Bots at Bay: How to Detect Brute Force Attacks

Nov 20, 2014
Thanks to recent events involving certain celebrities' stolen pictures, "brute-force attack" is now one of the hot buzz words making its rounds. As an IT professional - do you know what a brute force attack is, how to spot one when it happens, and how to prevent it? A brute-force attack is, simply, an attack on a username, password, etc. that systematically checks all possible combinations until the correct one is found. Scripts are usually used in these attacks to automate the process of arriving at the correct username/password combination. This is why time is of the essence when it comes to detecting and stopping a brute force attack – the more time the attacker has, the more passwords can be tried. Brute force attacks are one of the few hacks detectable by their volume, rather than their type. In your web (or proprietary app) logs, you'll usually see a crazy amount of failed login attempts, usually originating from the same IP address. You might even see the same accoun
'The Hacker News' Celebrating its 4th Anniversary

'The Hacker News' Celebrating its 4th Anniversary

Nov 01, 2014
Dear THN Readers, ' The Hacker News ' is celebrating its 4th Anniversary today and we would like to thank every single Hacker, Researcher, Journalist, Enthusiast who has contributed to our phenomenal growth. When we began our journey 4 years back as a Small Local Community of few Hackers and Security Researchers, we had a dream of providing the Hacking Community with World's not first but best Hacking and IT Security News Platform. We wanted to gift hacking community members and security researchers their own trusted and an unique News platform, which is run by Hackers and dedicated to Hackers, a platform which is free from Censorship, Conventions, Governments and Borders. Now, we have been Internationally recognized as a leading news source dedicated to promoting awareness for cyber security experts and hackers. We are happy to announce that this project is now Supported and endorsed by thousands of Security Experts, administrators and members of vario
Crowd-Sourced Threat Intelligence: AlienVault Open Threat Exchange™ (OTX)

Crowd-Sourced Threat Intelligence: AlienVault Open Threat Exchange™ (OTX)

Jul 14, 2014
For years, the systems and networks that run our businesses have been secured by the efforts of IT and security practitioners acting on their own. We continue to deploy the latest countermeasures, always trying to keep up with adversaries. Criminal attackers, on the other hand, have shared information quite successfully to facilitate their exploits. Couple this with the "attacker's advantage" of choosing where, when and how to launch attacks, and it is no surprise that collaborative hackers appear to be winning against even the largest companies, despite generous spending on security tools. As an industry, we need a threat-sharing solution that is open and available to everyone for the mutual benefit of all who contribute. With this goal in mind, AlienVault created the Open Threat Exchange™ (OTX) . What is the Open Threat Exchange (OTX)? OTX is an open information sharing and analysis network that provides real-time, actionable threat information submitted by over 8,
'The Hacker News' Magazine - Relaunching New Editions

'The Hacker News' Magazine - Relaunching New Editions

Feb 04, 2014
Dear Readers,  After publishing 15 informative editions of ' The Hacker News ' magazine in past 2 years; we at THN are again planning to relaunch the new Chapters of ' The Hacker News Magazine '. The Hacker News (THN) Monthly Magazine is the most comprehensive and informative collection of IT Security, Hacking and innovative technological notions since about 2011. THN Magazine is a free monthly magazine designed to spread awareness and knowledge about cyber security. Now on the demand of our readers, we are going to launch our new Monthly editions of the THN Magazine with some new sections, innovative themes in addition with some interactive interview sessions, from the month of March this year. We cordially invite IT adepts and specialists to contribute as Authors with their new researches and knowledgeable articles, as the goal of our Free Hacking Magazine is to provide the most up-to-date information on a wide variety of topics that relate to hackers
DDoS Attacks : A Serious unstoppable menace for IT security communities

DDoS Attacks : A Serious unstoppable menace for IT security communities

Oct 18, 2013
It should be the busiest day of the year for your business, but your website has just disappeared off the Internet and orders have dried up. If this happens to you, then you likely just become yet another victim of a distributed denial of service (DDoS) attack . By now, everyone who uses the Internet has come across DDoS attacks . It is one of the oldest attack technologies on the web, and a popular way of paralyzing the huge data centers. Just yesterday we have reported about a massive 100Gbps DDoS attack that hit World's 3rd Largest Chinese Bitcoin exchange for 9 hours. Arbor Networks, a leading provider of DDoS and advanced threat protection solutions, today released data on global distributed denial of service (DDoS) attack trends for the first three quarters of 2013, revealed that this kind of attack still represents a serious menace for IT security communities.  The document provides an interesting overview into Internet traffic patterns and threat evolutio
Importance of Logs and Log Management for IT Security

Importance of Logs and Log Management for IT Security

Oct 02, 2013
IT Security is the name of the game and no matter how big or small the size of your organization, you will always invest enough on securing certain aspects of your IT network. In many organizations, it starts with monitoring your network for vulnerabilities that may enter the network to access potentially sensitive information in the form of security attacks . For example, you may have firewalls as your first line of defense, followed by vulnerability management, intrusion detection and prevention systems, managing your network configurations and so on.  These are crucial because: Your routers can be easily breached without proper configuration and restrictions.  If a firewall isn't configured correctly, a hacker can easily spot a port that is accidentally left open and can gain access to the network.  Rogue access points, botnet malware and social engineering can make your wireless a porthole into your LAN. Why Logs? The very purpose of IT security is to be
Snowden files : NSA can crack almost any Encryption including Tor anonymity network

Snowden files : NSA can crack almost any Encryption including Tor anonymity network

Sep 07, 2013
The spy agencies' activities have gone on for more than a decade. Now we have enough details about how the NSA eavesdrops on the internet, another explosive news has emerged yesterday from the Snowden files that NSA has the ability to decrypt most of anything that is on the internet. They have done this not through cracking encryption mathematically, but by secretly using influence and billions of dollars to insert backdoors designed to preserve their ability to eavesdrop.  Also the majority of devices connected to the Tor anonymity network may be using encryption keys that can be broken by the National Security Agency, according to Rob Graham, CEO of penetration testing firm Errata Security. The ability to crack high-level encryption is something that has been a pretty significant legend in the infosec community. Graham arrived at that conclusion after analyzing nearly 23,000 Tor connections through an exit node that Graham controls and about 76 percent of the
EHACK : The Largest Information Security Awareness Marathon Globally

EHACK : The Largest Information Security Awareness Marathon Globally

Aug 16, 2013
More than 9000+ participants enter the Guinness book of World Records for the largest congregation for information Security. E-Hack, world largest Ethical Hacking workshop was organized by InfySEC at SRM University on July 27 and 28,2013 . The expected participant count was 4500+ but on the day of the event the participant count were as high as 9637 students participated to be a part of E-HACK making it the LARGEST IT SECURITY AWARENESS MARATHON GLOBALLY , which made the organizing team to facilitate other two mini auditorium available in the same venue with speakers like Mr. Karthikeyan,founder of Zazvik Solutions, Mr.Santhosh Srinivasan, director of Symantec,Mr.Patrick Martinent, a Google developer Expert, Mr. Vinod Senthil,Director of Infysec, Mr.Ashish Chandra Mishra,Chief Information Security Officer at Tesco HSC, Mr. Rishi Narang,lead consultant with Aujas Networks , VT Gopal - Professor, Anna University and Dr.Prateep V.Philip IPS,AGDP, Tamil Nadu Crime Division.
Cybersecurity
Expert Insights
Cybersecurity Resources